Lucene search
Abdelhamid Naceri (halov)ZDI-21-283HistoryMar 15, 2021 - 12:00 a.m.
Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability
2021-03-1500:00:00
Abdelhamid Naceri (halov)
www.zerodayinitiative.com
22
0.001 Low
EPSS
Percentile
32.1%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to create a second junction in a sensitive location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cvelist
cvelist
mscve
mscve
Windows User Profile Service Elevation of Privilege Vulnerability
2021-03-09 08:00:00
nvd
nvd
CVE-2021-26873
2021-03-11 16:15:14
cve
cve
CVE-2021-26873
2021-03-11 16:15:14
prion
prion
Privilege escalation
2021-03-11 16:15:00
mskb
mskb
March 9, 2021âKB5000844 (Monthly Rollup)
2021-03-09 08:00:00
March 9, 2021âKB5000856 (Security-only update)
2021-03-09 08:00:00
March 9, 2021âKB5000807 (OS Build 10240.18874)
2021-03-09 08:00:00
nessus
nessus
KB5000856: Windows Server 2008 March 2021 Security Update
2021-03-09 00:00:00
KB5000807: Windows 10 March 2021 Security Update
2021-03-09 00:00:00
KB5000851: Windows 7 and Windows Server 2008 R2 March 2021 Security Update
2021-03-09 00:00:00
kaspersky
kaspersky
KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)
2021-03-09 00:00:00
KLA12111 Multiple vulnerabilities in Microsoft Windows
2021-03-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5000807)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000847)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000802)
2021-03-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03